def revision_add_attachment(request, pk):
"""Add attachment, download if necessary
"""
revision = get_object_or_404(PackageRevision, pk=pk)
if request.user.pk != revision.author.pk:
log_msg = ("[security] Attempt to add attachment to package (%s) by "
"non-owner (%s)" % (revision.package, request.user))
log.warning(log_msg)
return HttpResponseForbidden(
'You are not the author of this %s' % escape(
revision.package.get_type_name()))
url = request.POST.get('url', None)
filename = request.POST.get('filename', None)
if not filename or filename == "":
log.error('Trying to create an attachment without name')
return HttpResponseBadRequest('Path not found.')
content = ''
if url:
log.info(('[%s] Preparing to download %s as an attachment of '
'PackageRevision %d') % (filename, url, revision.pk))
# validate url
field = URLField(verify_exists=True)
encoding = request.POST.get('force_contenttype', False)
try:
url = field.clean(url)
except ValidationError, err:
log.warning('[%s] Invalid url provided\n%s' % (url,
'\n'.join(err.messages)))
return HttpResponseBadRequest(("Loading attachment failed\n"
"%s") % parse_validation_messages(err))
except Exception, err:
log.warning('[%s] Exception raised\n%s' % (url, str(err)))
return HttpResponseBadRequest(str(err))
def upload_attachments(request, id_number, type_id,
revision_number=None, version_name=None):
""" Upload new attachments to the PackageRevision
"""
revision = get_package_revision(None, id_number, type_id, revision_number,
version_name)
if request.user.pk != revision.author.pk:
log_msg = ("[security] Attempt to upload attachment to package (%s) "
"by non-owner (%s)" % (id_number, request.user))
log.warning(log_msg)
return HttpResponseForbidden(
'You are not the author of this %s' % escape(
revision.package.get_type_name()))
content = request.raw_post_data
filename = request.META.get('HTTP_X_FILE_NAME')
if not filename:
log_msg = 'Path not found: %s, package: %s.' % (
filename, id_number)
log.error(log_msg)
return HttpResponseServerError('Path not found.')
try:
attachment = revision.attachment_create_by_filename(
request.user, filename, content)
except ValidationError, e:
return HttpResponseForbidden(
'Validation errors.\n%s' % parse_validation_messages(e))
def add_empty_attachment(request, id_number, type_id,
revision_number=None, version_name=None):
""" Add new empty attachment to the PackageRevision
"""
revision = get_package_revision(None, id_number, type_id, revision_number,
version_name)
if request.user.pk != revision.author.pk:
log_msg = ("[security] Attempt to add attachment to package (%s) by "
"non-owner (%s)" % (id_number, request.user))
log.warning(log_msg)
return HttpResponseForbidden(
'You are not the author of this %s' % escape(
revision.package.get_type_name()))
filename = request.POST.get('filename', False)
if not filename:
log_msg = 'Path not found: %s, package: %s.' % (
filename, id_number)
log.error(log_msg)
return HttpResponseServerError('Path not found.')
try:
attachment = revision.attachment_create_by_filename(request.user,
filename, '')
except ValidationError, e:
return HttpResponseForbidden(
'Validation errors.\n%s' % parse_validation_messages(e))
def add_empty_attachment(request,
id_number,
type_id,
revision_number=None,
version_name=None):
""" Add new empty attachment to the PackageRevision
"""
revision = get_package_revision(None, id_number, type_id, revision_number,
version_name)
if request.user.pk != revision.author.pk:
log_msg = ("[security] Attempt to add attachment to package (%s) by "
"non-owner (%s)" % (id_number, request.user))
log.warning(log_msg)
return HttpResponseForbidden('You are not the author of this %s' %
escape(revision.package.get_type_name()))
filename = request.POST.get('filename', False)
if not filename:
log_msg = 'Path not found: %s, package: %s.' % (filename, id_number)
log.error(log_msg)
return HttpResponseServerError('Path not found.')
try:
attachment = revision.attachment_create_by_filename(
request.user, filename, '')
except ValidationError, e:
return HttpResponseForbidden('Validation errors.\n%s' %
parse_validation_messages(e))
def upload_attachment(request, revision_id):
""" Upload new attachment to the PackageRevision
"""
revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
log.debug(revision)
if request.user.pk != revision.author.pk:
log_msg = ("[security] Attempt to upload attachment to package (%s) "
"by non-owner (%s)" % (revision_id, request.user))
log.warning(log_msg)
return HttpResponseForbidden(
'You are not the author of this %s' % escape(
revision.package.get_type_name()))
f = request.FILES.get('upload_attachment')
filename = request.META.get('HTTP_X_FILE_NAME')
if not f:
log_msg = 'Path not found: %s, revision: %s.' % (
filename, revision_id)
log.error(log_msg)
return HttpResponseServerError('Path not found.')
content = f.read()
# try to force UTF-8 code, on error continue with original data
try:
content = unicode(content, 'utf-8')
except:
pass
try:
attachment = revision.attachment_create_by_filename(
request.user, filename, content)
except ValidationError, e:
return HttpResponseForbidden(
'Validation errors.\n%s' % parse_validation_messages(e))
def upload_attachments(request,
id_number,
type_id,
revision_number=None,
version_name=None):
""" Upload new attachments to the PackageRevision
"""
revision = get_package_revision(None, id_number, type_id, revision_number,
version_name)
if request.user.pk != revision.author.pk:
log_msg = ("[security] Attempt to upload attachment to package (%s) "
"by non-owner (%s)" % (id_number, request.user))
log.warning(log_msg)
return HttpResponseForbidden('You are not the author of this %s' %
escape(revision.package.get_type_name()))
content = request.raw_post_data
filename = request.META.get('HTTP_X_FILE_NAME')
if not filename:
log_msg = 'Path not found: %s, package: %s.' % (filename, id_number)
log.error(log_msg)
return HttpResponseServerError('Path not found.')
try:
attachment = revision.attachment_create_by_filename(
request.user, filename, content)
except ValidationError, e:
return HttpResponseForbidden('Validation errors.\n%s' %
parse_validation_messages(e))
def upload_attachment(request, revision_id):
""" Upload new attachment to the PackageRevision
"""
revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
log.debug(revision)
if request.user.pk != revision.author.pk:
log_msg = ("[security] Attempt to upload attachment to package (%s) "
"by non-owner (%s)" % (revision_id, request.user))
log.warning(log_msg)
return HttpResponseForbidden('You are not the author of this %s' %
escape(revision.package.get_type_name()))
f = request.FILES.get('upload_attachment')
filename = request.META.get('HTTP_X_FILE_NAME')
if not f:
log_msg = 'Path not found: %s, revision: %s.' % (filename, revision_id)
log.error(log_msg)
return HttpResponseServerError('Path not found.')
content = f.read()
# try to force UTF-8 code, on error continue with original data
try:
content = unicode(content, 'utf-8')
except:
pass
try:
attachment = revision.attachment_create_by_filename(
request.user, filename, content)
except ValidationError, e:
return HttpResponseForbidden('Validation errors.\n%s' %
parse_validation_messages(e))
if encoding in unicode_contenttypes:
content = unicode(content, encoding)
if len(content) >= settings.ATTACHMENT_MAX_FILESIZE + 1:
log.warning('[%s] Downloaded file is too big' % url)
return HttpResponseBadRequest("Loading attachment failed\n"
"File is too big")
log.info('[%s] Downloaded %db, encoding: %s' % (url, len(content),
encoding))
att.close()
try:
attachment = revision.attachment_create_by_filename(
request.user, filename, content)
except ValidationError, err:
log.warning("[%s] Validation error.\n%s" % (filename, str(err)))
return HttpResponseForbidden(
'Validation error.\n%s' % parse_validation_messages(err))
except Exception, err:
log.warning("[%s] Exception raised\n%s" % (filename, str(err)))
return HttpResponseForbidden(str(err))
return render_json(request,
"json/attachment_added.json",
{'revision': revision, 'attachment': attachment})
@require_POST
@login_required
@transaction.commit_on_success
def rename_attachment(request, revision_id):
"""
Rename an attachment in a PackageRevision
if encoding not in unicode_contenttypes and ext in EDITABLE_EXTENSIONS:
log.info('[%s] Forcing the "utf-8" encoding from ' '"%s"' % (url, encoding))
encoding = "utf-8"
# convert to unicode if needed
if encoding in unicode_contenttypes:
content = unicode(content, encoding)
if len(content) >= settings.ATTACHMENT_MAX_FILESIZE + 1:
log.warning("[%s] Downloaded file is too big" % url)
return HttpResponseBadRequest("Loading attachment failed\n" "File is too big")
log.info("[%s] Downloaded %db, encoding: %s" % (url, len(content), encoding))
att.close()
try:
attachment = revision.attachment_create_by_filename(request.user, filename, content)
except ValidationError, err:
log.warning("[%s] Validation error.\n%s" % (filename, str(err)))
return HttpResponseForbidden("Validation error.\n%s" % parse_validation_messages(err))
except Exception, err:
log.warning("[%s] Exception raised\n%s" % (filename, str(err)))
return HttpResponseForbidden(str(err))
return render_json(request, "json/attachment_added.json", {"revision": revision, "attachment": attachment})
@require_POST
@login_required
@transaction.commit_on_success
def rename_attachment(request, revision_id):
"""
Rename an attachment in a PackageRevision
"""
revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
if encoding in unicode_contenttypes:
content = unicode(content, encoding)
if len(content) >= settings.ATTACHMENT_MAX_FILESIZE + 1:
log.warning('[%s] Downloaded file is too big' % url)
return HttpResponseBadRequest("Loading attachment failed\n"
"File is too big")
log.info('[%s] Downloaded %db, encoding: %s' %
(url, len(content), encoding))
att.close()
try:
attachment = revision.attachment_create_by_filename(
request.user, filename, content)
except ValidationError, err:
log.warning("[%s] Validation error.\n%s" % (filename, str(err)))
return HttpResponseForbidden('Validation error.\n%s' %
parse_validation_messages(err))
except Exception, err:
log.warning("[%s] Exception raised\n%s" % (filename, str(err)))
return HttpResponseForbidden(str(err))
return render_json(request, "json/attachment_added.json", {
'revision': revision,
'attachment': attachment
})
@require_POST
@login_required
@transaction.commit_on_success
def rename_attachment(request, revision_id):
"""
